Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/zs-D2IPrY8HwMVyzheN4J9-H5rs.roa
File: zs-D2IPrY8HwMVyzheN4J9-H5rs.roa (raw, json)
Hash identifier: +ZIn3eDbPouIs0S8P98RFr1lFzZdmbn3roi3PsqCyi8=
Subject key identifier: CE:CF:83:D8:83:EB:63:C1:F0:31:5C:B3:85:E3:78:27:DF:87:E6:BB
Certificate issuer: /CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Certificate serial: 019427481F6A58FC7FD4CFFF6B874C671378
Authority key identifier: 7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/zs-D2IPrY8HwMVyzheN4J9-H5rs.roa
Signing time: Thu 02 Jan 2025 13:50:25 +0000
ROA not before: Thu 02 Jan 2025 13:50:25 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 32613
IP address blocks: 2a0c:9240::/29 maxlen: 29
2a0d:2ac0::/29 maxlen: 29
2a0e:5800::/29 maxlen: 29
2a0f:e8c0::/29 maxlen: 29
Validation: OK
Signature path: rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.mft
rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires: Mon 07 Apr 2025 10:01:10 +0000
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:27:48:1f:6a:58:fc:7f:d4:cf:ff:6b:87:4c:67:13:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d559aafbfc0931242e1d637298cf1dd223e4c26
Validity
Not Before: Jan 2 13:50:25 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=cecf83d883eb63c1f0315cb385e37827df87e6bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:83:15:92:7b:1c:d0:dc:7c:e4:93:3b:7d:2a:
73:80:1b:f4:02:3a:53:a6:75:ff:98:74:25:f1:1f:
0f:2d:d1:ce:60:cc:87:af:eb:5e:75:65:02:5a:66:
43:df:b2:bc:c0:a3:c3:ec:8a:0e:ee:39:20:5d:a1:
3f:31:27:1b:ab:6d:12:db:c6:96:ec:af:f5:c1:a2:
91:62:77:b1:9d:db:ae:90:1b:20:28:82:29:c8:89:
0e:db:b1:2b:91:c9:7b:12:a2:18:02:93:1b:b4:af:
fe:cd:d0:2d:0f:c2:fc:66:da:67:1a:cb:4d:3e:af:
82:1a:2e:ee:24:84:37:c1:da:3f:aa:08:a8:32:63:
ff:bf:70:bb:5e:3d:14:54:bd:06:ae:07:f6:ba:db:
09:97:7e:9a:64:4d:12:00:05:69:b6:06:b6:3b:80:
6a:9b:0c:ad:ee:b0:ba:4f:f4:1c:37:93:8f:22:78:
37:82:ee:6e:e9:ff:b9:41:9c:74:da:6d:22:51:96:
08:ad:a7:ca:fd:2d:19:b5:83:26:ed:2d:bc:a1:34:
45:85:8e:b8:6d:e1:4c:6c:14:51:28:98:98:d9:14:
75:45:e2:8f:1e:78:1c:70:e3:c8:df:d6:7f:9e:9e:
23:0c:38:c9:ea:0b:5a:17:f8:a2:c9:ce:ce:dc:f0:
94:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:CF:83:D8:83:EB:63:C1:F0:31:5C:B3:85:E3:78:27:DF:87:E6:BB
X509v3 Authority Key Identifier:
keyid:7D:55:9A:AF:BF:C0:93:12:42:E1:D6:37:29:8C:F1:DD:22:3E:4C:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVWar7_AkxJC4dY3KYzx3SI-TCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/zs-D2IPrY8HwMVyzheN4J9-H5rs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/49adc6-ba89-403f-ada9-8c5007c2a4b6/1/fVWar7_AkxJC4dY3KYzx3SI-TCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv6:
2a0c:9240::/29
2a0d:2ac0::/29
2a0e:5800::/29
2a0f:e8c0::/29
Signature Algorithm: sha256WithRSAEncryption
2a:27:09:31:8d:9e:af:26:1a:ab:e5:37:db:82:05:99:4d:03:
3b:b2:79:73:c3:78:39:ad:a2:77:4a:ed:d0:ff:1c:f1:db:99:
8b:6d:65:4a:0f:9b:6e:b7:55:ac:b1:59:16:e5:16:6f:dd:b4:
7a:02:00:8b:45:c7:06:31:b9:68:a2:bb:15:02:33:0c:97:8f:
9d:22:90:a8:2c:10:05:bb:4f:52:4d:b1:5d:5e:2f:b1:d2:58:
4c:5a:9d:c5:a8:97:f0:81:5f:41:05:3c:50:61:10:76:63:f2:
80:64:78:32:82:26:21:e0:1b:70:4c:91:9e:b7:4c:37:59:ee:
f4:08:b5:f3:52:05:16:0d:39:a5:b0:09:80:7b:62:ad:b3:bc:
45:5b:37:c5:0d:80:59:7d:32:64:1e:a2:eb:3c:68:77:4c:d5:
eb:59:47:15:4f:4b:f8:c8:2c:a0:98:be:c9:97:c9:d5:ab:28:
6b:61:f4:e3:dc:f4:cb:d6:b8:3c:fd:01:73:dd:5b:8c:6f:a4:
fc:c2:28:e7:70:66:11:ca:21:e4:08:99:55:69:4d:da:89:de:
f1:5b:d0:18:10:9a:6d:e0:c2:fd:c2:51:ad:3d:57:b3:ca:e2:
94:4a:4e:50:70:03:8c:2d:80:0e:2c:bb:9e:f5:e2:d0:e2:f4:
fe:9d:df:c8
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQnSB9qWPx/1M//a4dMZxN4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTU5YWFmYmZjMDkzMTI0MmUxZDYzNzI5OGNmMWRkMjIz
ZTRjMjYwHhcNMjUwMTAyMTM1MDI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWNmODNkODgzZWI2M2MxZjAzMTVjYjM4NWUzNzgyN2RmODdlNmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz4MVknsc0Nx85JM7fSpzgBv0AjpT
pnX/mHQl8R8PLdHOYMyHr+tedWUCWmZD37K8wKPD7IoO7jkgXaE/MScbq20S28aW
7K/1waKRYnexnduukBsgKIIpyIkO27Erkcl7EqIYApMbtK/+zdAtD8L8ZtpnGstN
Pq+CGi7uJIQ3wdo/qgioMmP/v3C7Xj0UVL0Grgf2utsJl36aZE0SAAVptga2O4Bq
mwyt7rC6T/QcN5OPIng3gu5u6f+5QZx02m0iUZYIrafK/S0ZtYMm7S28oTRFhY64
beFMbBRRKJiY2RR1ReKPHngccOPI39Z/np4jDDjJ6gtaF/iiyc7O3PCU0wIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFM7Pg9iD62PB8DFcs4XjeCffh+a7MB8GA1UdIwQY
MBaAFH1Vmq+/wJMSQuHWNymM8d0iPkwmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTkt
OGM1MDA3YzJhNGI2LzEvenMtRDJJUHJZOEh3TVZ5emhlTjRKOS1INXJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC80OWFkYzYtYmE4OS00MDNmLWFkYTktOGM1MDA3YzJhNGI2
LzEvZlZXYXI3X0FreEpDNGRZM0tZengzU0ktVENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDUGCCsGAQUFBwEHAQH/BCYwJDAiBAIAAjAcAwUDKgySQAMF
AyoNKsADBQMqDlgAAwUDKg/owDANBgkqhkiG9w0BAQsFAAOCAQEAKicJMY2eryYa
q+U324IFmU0DO7J5c8N4Oa2id0rt0P8c8duZi21lSg+bbrdVrLFZFuUWb920egIA
i0XHBjG5aKK7FQIzDJePnSKQqCwQBbtPUk2xXV4vsdJYTFqdxaiX8IFfQQU8UGEQ
dmPygGR4MoImIeAbcEyRnrdMN1nu9Ai181IFFg05pbAJgHtirbO8RVs3xQ2AWX0y
ZB6i6zxod0zV61lHFU9L+MgsoJi+yZfJ1asoa2H049z0y9a4PP0Bc91bjG+k/MIo
53BmEcoh5AiZVWlN2one8VvQGBCabeDC/cJRrT1Xs8rilEpOUHADjC2ADiy7nvXi
0OL0/p3fyA==
-----END CERTIFICATE-----
Generated at Sun Apr 6 20:33:19 2025 by rpki-client